Snort mailing list archives
Re: Enterprise rollout - 50+ Distributed sensors with centralized management / alerting / analysis
From: Shon <mindphuzz () yahoo com>
Date: Mon, 10 Jan 2005 17:17:00 -0800 (PST)
Sending only alert traffic is what I was hoping to achieve. When I said the solution would be impractical, that was under the assumption that the sensors would connect to a central DB and traffic would traverse the WAN link.

Can you be more specific as to the solution? Are you talking about using Barnyard to process the data locally and then sending/syncing just the alerts?

Thanks.

--- Seth Art <sethart () gmail com> wrote:

> > From what I've seen the most common solution is to have the sensors all log to a common DB, but I assume this solution is impractical over WAN connections with limited bandwidth. So how do I get around this?
>
> I wouldn't say it's impractical at all. All of the traffic is NOT being sent to the central database. The analysis is being done on the remote sensor and ONLY THE ALERTS are being sent over the WAN/T1 connection on your mysql port. The alerts are tiny in comparison.
>
> -Seth Art
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users